configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed
dovecot-2.3.3-1.fc29.x86_64
Mar 28 10:04:47 auth: Panic: file http-client-request.c: line 283 (http_client_request_unref): assertion failed: (req->refcount > 0)
Mar 28 10:04:47 auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0xe34fb) [0x7fe76e0834fb] -> /usr/lib64/dovecot/libdovecot.so.0(+0xe3597) [0x7fe76e083597] -> /usr/lib64/dovecot/libdovecot.so.0(+0x51207) [0x7fe76dff1207] -> /usr/lib64/dovecot/libdovecot.so.0(+0x4972b) [0x7fe76dfe972b] -> /usr/lib64/dovecot/libdovecot.so.0(http_client_request_destroy+0x107) [0x7fe76e02cf87] -> /usr/lib64/dovecot/libdovecot.so.0(http_client_deinit+0x4c) [0x7fe76e03b9ec] -> dovecot/auth(auth_policy_deinit+0x1e) [0x55facfdb350e] -> dovecot/auth(main+0x3e1) [0x55facfdae3c1] -> /lib64/libc.so.6(__libc_start_main+0xf3) [0x7fe76dd93413] -> dovecot/auth(_start+0x2e) [0x55facfdae57e]
Mar 28 10:04:47 auth: Fatal: master: service(auth): child 31162 killed with signal 6 (core not dumped - https://dovecot.org/bugreport.html#coredumps - set /proc/sys/fs/suid_dumpable to 2)
Mar 28 10:04:48 master: Info: Dovecot v2.3.3 (dcead646b) starting up for imap, pop3
On Mar 28, 2019, at 10:29 AM, Aki Tuomi via dovecot <dovecot@dovecot.org> wrote:
On 28 March 2019 16:08 Robert Kudyba via dovecot <dovecot@dovecot.org> wrote:
Hi,
this is a known issue as DOV-3019 and we are fixing this. It happens during auth process shutdown if there are pending requests.
Another issue is that the dovecot logs always report the offending URL or IP as what’s in /etc/dovecot/conf.d/95-auth.conf, in our case: auth_policy_server_url = https://ourdomain:8084/
These are HTTP errors in the logs:
Mar 28 09:58:04 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=lmNw8SeFoMl/AAAB lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=51616 resp=<hidden>
Mar 28 09:58:04 auth: Debug: policy(unclroot,127.0.0.1,<lmNw8SeFoMl/AAAB>): Policy request https://ourdomain:8084/?command=allow
Mar 28 09:58:04 auth: Debug: policy(unclroot,127.0.0.1,<lmNw8SeFoMl/AAAB>): Policy server request JSON: {"device_id":"","login":"unclroot","protocol":"imap","pwhash":"68","remote":"127.0.0.1","tls":false}
Mar 28 09:58:04 auth: Debug: http-client[1]: request [Req11: POST https://ourdomain:8084/?command=allow]: Error: 9003 Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
Mar 28 09:58:04 auth: Debug: http-client[1]: request [Req11: POST https://ourdomain:8084/?command=allow]: Submitted (requests left=3)
Mar 28 09:58:04 auth: Error: policy(unclroot,127.0.0.1,<lmNw8SeFoMl/AAAB>): Policy server HTTP error: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
Mar 28 09:58:04 auth: Debug: http-client[1]: request [Req11: POST https://ourdomain:8084/?command=allow]: Destroy (requests left=3)
Mar 28 09:58:04 auth: Debug: http-client[1]: request [Req11: POST https://ourdomain:8084/?command=allow]: Free (requests left=2)
So wforce is always recording the “bad” IP as 127.0.0.1 or the FQDN, and not the actual user IP. Is there another place to set this?
Perhaps I have to set this in wforce.conf? webserver("0.0.0.0:8084", "ourpassword")
Set ssl_client_ca_file=/path/to/cacert.pem to validate the certificate
Can this be the Let's Encrypt cert that we already have? In other words we have:
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
Can those be used?
Set it to *CA* cert. You can also use
ssl_client_ca_file=/etc/pki/tls/ca-bundle.crt (on centos)
OK did that.
ssl_client_ca_dir=/etc/ssl/certs (on debian based)
Are you using haproxy or something in front of dovecot?
No. Just Squirrelmail webmail with sendmail.
Maybe squirrelmail supports forwarding original client ip with ID command. Otherwise dovecot cannot know it. Or you could configure squirrelmail to use weakforced?
I see some options in http://squirrelmail.org/docs/admin/admin-5.html#ss5.3. Would it be a plugin?
Also check that auth_policy_request_attributes use %{rip} and not %{real_rip}. You can see this with
doveconf auth_policy_request_attributes
Yes I’ve confirmed it matches. Still getting the URL or IP of the webmail address as well as errors like SSL handshake to ex.ter.na.lip:8084 failed: Connection closed
Mar 28 16:13:36 auth: Debug: http-client[1]: queue https://ourdomain:8084: Timeout (now: 2019-03-28 16:13:36.300)
Mar 28 16:13:36 auth: Debug: http-client[1]: queue https://ourdomain:8084: Absolute timeout expired for request [Req10: POST https://ourdomain:8084/?command=allow] (Request queued 2.002 secs ago, not yet sent, 0.000 in other ioloops)
Mar 28 16:13:36 auth: Debug: http-client[1]: request [Req10: POST https://ourdomain:8084/?command=allow]: Error: 9008 Absolute request timeout expired (Request queued 2.002 secs ago, not yet sent, 0.000 in other ioloops)
Mar 28 16:13:36 auth: Debug: http-client[1]: queue https://ourdomain:8084: Dropping request [Req10: POST https://ourdomain:8084/?command=allow]
Mar 28 16:13:36 auth: Error: policy(abc,127.0.0.1,<5aBSMC2FROF/AAAB>): Policy server HTTP error: Absolute request timeout expired (Request queued 2.002 secs ago, not yet sent, 0.000 in other ioloops)
Mar 28 16:13:36 auth: Debug: http-client[1]: request [Req10: POST https://ourdomain:8084/?command=allow]: Destroy (requests left=1)
Mar 28 16:13:36 auth: Debug: http-client[1]: request [Req10: POST https://ourdomain:8084/?command=allow]: Free (requests left=0)
Mar 28 16:13:36 auth-worker(32249): Debug: pam(abc,127.0.0.1,<5aBSMC2FROF/AAAB>): lookup service=dovecot
Mar 28 16:13:36 auth-worker(32249): Debug: pam(abc,127.0.0.1,<5aBSMC2FROF/AAAB>): #1/1 style=1 msg=Password:
Mar 28 16:13:38 auth-worker(32249): Info: pam(abc,127.0.0.1,<5aBSMC2FROF/AAAB>): unknown user
Mar 28 16:13:38 auth: Debug: policy(abc,127.0.0.1,<5aBSMC2FROF/AAAB>): Policy request https://ourdomain:8084/?command=report
Mar 28 16:13:38 auth: Debug: policy(abc,127.0.0.1,<5aBSMC2FROF/AAAB>): Policy server request JSON: {"device_id":"","login":"abc","protocol":"imap","pwhash":"00","remote":"127.0.0.1","success":false,"policy_reject":false,"tls":false}
Mar 28 16:13:38 auth: Debug: http-client[1]: queue https://ourdomain:8084: Set request timeout to 2019-03-28 16:13:40.625 (now: 2019-03-28 16:13:38.625)
Mar 28 16:13:38 auth: Debug: http-client: peer ex.ter.na.lip:8084 (shared): Peer reused
Mar 28 16:13:38 auth: Debug: http-client[1]: queue https://ourdomain:8084: Setting up connection to ex.ter.na.lip:8084 (SSL=ourdomain) (1 requests pending)
Mar 28 16:13:38 auth: Debug: http-client[1]: request [Req11: POST https://ourdomain:8084/?command=report]: Submitted (requests left=1)
Mar 28 16:13:38 auth: Debug: http-client[1]: peer ex.ter.na.lip:8084: Creating 1 new connections to handle requests (already 0 usable, connecting to 0, closing 0)
Mar 28 16:13:40 auth: Debug: client passdb out: FAIL 1 user=abc
Mar 28 16:13:40 imap-login: Info: Aborted login (auth failed, 1 attempts in 6 secs): user=<abc>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<5aBSMC2FROF/AAAB>
Mar 28 16:13:40 auth: Debug: http-client[1]: queue https://ourdomain:8084: Timeout (now: 2019-03-28 16:13:40.626)
Mar 28 16:13:40 auth: Debug: http-client[1]: queue https://ourdomain:8084: Absolute timeout expired for request [Req11: POST https://ourdomain:8084/?command=report] (Request queued 2.000 secs ago, not yet sent, 0.000 in other ioloops)
Mar 28 16:13:40 auth: Debug: http-client[1]: request [Req11: POST https://ourdomain:8084/?command=report]: Error: 9008 Absolute request timeout expired (Request queued 2.000 secs ago, not yet sent, 0.000 in other ioloops)
Mar 28 16:13:40 auth: Debug: http-client[1]: queue https://ourdomain:8084: Dropping request [Req11: POST https://ourdomain:8084/?command=report]
Mar 28 16:13:40 auth: Error: policy(abc,127.0.0.1,<5aBSMC2FROF/AAAB>): Policy server HTTP error: Absolute request timeout expired (Request queued 2.000 secs ago, not yet sent, 0.000 in other ioloops)
Mar 28 16:13:40 auth: Debug: http-client[1]: request [Req11: POST https://ourdomain:8084/?command=report]: Destroy (requests left=1)
Mar 28 16:13:40 auth: Debug: http-client[1]: request [Req11: POST https://ourdomain:8084/?command=report]: Free (requests left=0)
Mar 28 16:13:59 auth: Debug: http-client: peer ex.ter.na.lip:8084 (shared): Backoff timer expired
Mar 28 16:13:59 auth: Debug: http-client[1]: peer ex.ter.na.lip:8084: Making new connection 1 of 1 (0 connections exist, 0 pending)
Mar 28 16:13:59 auth: Debug: http-client[1]: conn ex.ter.na.lip:8084 [9]: HTTPS connection created (1 parallel connections exist)
Mar 28 16:13:59 auth: Debug: http-client[1]: conn ex.ter.na.lip:8084 [9]: Connected
Mar 28 16:13:59 auth: Debug: http-client[1]: conn ex.ter.na.lip:8084 [9]: Starting SSL handshake
Mar 28 16:13:59 auth: Debug: http-client[1]: conn ex.ter.na.lip:8084 [9]: SSL handshake to ex.ter.na.lip:8084 failed: Connection closed
Mar 28 16:13:59 auth: Debug: http-client[1]: peer ex.ter.na.lip:8084: Connection failed (1 connections exist, 0 pending)
Mar 28 16:13:59 auth: Debug: http-client: peer ex.ter.na.lip:8084: Failed to make connection (1 connections exist, 0 pending)
Mar 28 16:13:59 auth: Debug: http-client[1]: peer ex.ter.na.lip:8084: Failed to establish any connection within our peer pool: SSL handshake to ex.ter.na.lip:8084 failed: Connection closed (1 connections exist, 0 pending)
Mar 28 16:13:59 auth: Debug: http-client[1]: queue https://ourdomain:8084: Failed to set up connection to ex.ter.na.lip:8084 (SSL=ourdomain): SSL handshake to ex.ter.na.lip:8084 failed: Connection closed (1 peers pending, 0 requests pending)
Mar 28 16:13:59 auth: Debug: http-client[1]: queue https://ourdomain:8084: Failed to set up any connection; failing all queued requests
Mar 28 16:13:59 auth: Debug: http-client[1]: peer ex.ter.na.lip:8084: Unlinked queue https://ourdomain:8084 (0 queues linked)
Mar 28 16:13:59 auth: Debug: http-client[1]: conn ex.ter.na.lip:8084 [9]: Connection close
Mar 28 16:13:59 auth: Debug: http-client[1]: conn ex.ter.na.lip:8084 [9]: Connection disconnect
Mar 28 16:13:59 auth: Debug: http-client[1]: conn ex.ter.na.lip:8084 [9]: Detached peer
Mar 28 16:13:59 auth: Debug: http-client[1]: conn ex.ter.na.lip:8084 [9]: Connection destroy
On 28.3.2019 22.34, Robert Kudyba via dovecot wrote:
Well, as I said, it's up to squirrelmail to actually provide the real client IP. Otherwise dovecot cannot know it. You can try turning on imap rawlogs (see https://wiki.dovecot.org/Debugging/Rawlog) and check if squirrelmail is forwarding client ip or not.
Aki
I added to /etc/dovecot/conf.d/10-master.conf:
service postlogin {
  executable = script-login -d rawlog
  unix_listener postlogin {
  }
}
Restarted Dovecot, and wforce is only seeing this, which shows the loopback address:
*Mar 29 10:10:51 imap-login: Info: Login: user=<ouruser>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=10385, secured, session=<8KTTPDyFVIh/AAAB>*
Mar 29 10:10:51 imap(ouruser)<10385><8KTTPDyFVIh/AAAB>: Info: Connection closed (UID FETCH finished 0.030 secs ago) in=308 out=27743 deleted=0 expunged=0 trashed=0 hdr_count=50 hdr_bytes=10263 body_count=0 body_bytes=0
Mar 29 10:10:51 auth: Debug: auth client connected (pid=10389)
Mar 29 10:10:51 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=2MwBPTyFWoh/AAAB lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=34906 resp=<hidden>
Mar 29 10:10:51 auth: Debug: policy(ouruser,127.0.0.1,<2MwBPTyFWoh/AAAB>): Policy request https://ourdomain:8084/?command=allow
Mar 29 10:10:51 auth: Debug: policy(ouruser,127.0.0.1,<2MwBPTyFWoh/AAAB>): Policy server request JSON: {"device_id":"","login":"ouruser","protocol":"imap","pwhash":"68","remote":"127.0.0.1","tls":false}
Mar 29 10:10:51 auth: Debug: http-client: peer ip.of.se.vr:8084 (shared): Peer reused
Mar 29 10:10:51 auth: Debug: http-client[1]: queue https://ourdomain:8084: Setting up connection to ip.of.se.vr:8084 (SSL=ourdomain) (2 requests pending)
Mar 29 10:10:51 auth: Debug: http-client[1]: request [Req7: POST https://ourdomain:8084/?command=allow]: Submitted (requests left=2)
Mar 29 10:10:51 auth: Debug: http-client[1]: peer ip.of.se.vr:8084: Creating 1 new connections to handle requests (already 0 usable, connecting to 0, closing 0)
Mar 29 10:10:52 auth: Debug: http-client: peer ip.of.se.vr:8084 (shared): Backoff timer expired
Mar 29 10:10:52 auth: Debug: http-client[1]: peer ip.of.se.vr:8084: Making new connection 1 of 1 (0 connections exist, 0 pending)
Mar 29 10:10:52 auth: Debug: http-client[1]: conn ip.of.se.vr:8084 [6]: HTTPS connection created (1 parallel connections exist)
Mar 29 10:10:52 auth: Debug: http-client[1]: conn ip.of.se.vr:8084 [6]: Connected
Mar 29 10:10:52 auth: Debug: http-client[1]: conn ip.of.se.vr:8084 [6]: Starting SSL handshake
Mar 29 10:10:52 auth: Debug: http-client[1]: conn ip.of.se.vr:8084 [6]: SSL handshake to ip.of.se.vr:8084 failed: Connection closed
Mar 29 10:10:52 auth: Debug: http-client[1]: peer ip.of.se.vr:8084: Connection failed (1 connections exist, 0 pending)
Mar 29 10:10:52 auth: Debug: http-client: peer ip.of.se.vr:8084: Failed to make connection (1 connections exist, 0 pending)
Mar 29 10:10:52 auth: Debug: http-client[1]: peer ip.of.se.vr:8084: Failed to establish any connection within our peer pool: SSL handshake to ip.of.se.vr:8084 failed: Connection closed (1 connections exist, 0 pending)
Mar 29 10:10:52 auth: Debug: http-client[1]: queue https://ourdomain:8084: Failed to set up connection to ip.of.se.vr:8084 (SSL=ourdomain): SSL handshake to ip.of.se.vr:8084 failed: Connection closed (1 peers pending, 2 requests pending)
Mar 29 10:10:52 auth: Debug: http-client: peer ip.of.se.vr:8084 (shared): Peer reused
Mar 29 10:10:52 auth: Debug: http-client[1]: queue https://ourdomain:8084: Setting up connection to ip.of.se.vr:8084 (SSL=ourdomain) (2 requests pending)
Mar 29 10:10:52 auth: Debug: http-client[1]: queue https://ourdomain:8084: Started new connection to ip.of.se.vr:8084 (SSL=ourdomain)
Mar 29 10:10:52 auth: Debug: http-client[1]: conn ip.of.se.vr:8084 [6]: Connection close
Mar 29 10:10:52 auth: Debug: http-client[1]: conn ip.of.se.vr:8084 [6]: Connection disconnect
Mar 29 10:10:52 auth: Debug: http-client[1]: conn ip.of.se.vr:8084 [6]: Detached peer
Mar 29 10:10:52 auth: Debug: http-client[1]: conn ip.of.se.vr:8084 [6]: Connection destroy
Mar 29 10:10:52 auth: Debug: http-client[1]: peer ip.of.se.vr:8084: Creating 1 new connections to handle requests (already 0 usable, connecting to 0, closing 0)
Mar 29 10:10:52 auth: Debug: http-client: peer ip.of.se.vr:8084 (shared): Starting backoff timer for 6400 msecs
Mar 29 10:10:53 auth: Debug: http-client[1]: queue https://ourdomain:8084: Timeout (now: 2019-03-29 10:10:53.503)
Mar 29 10:10:53 auth: Debug: http-client[1]: queue https://ourdomain:8084: Absolute timeout expired for request [Req6: POST https://ourdomain:8084/?command=report] (Request queued 2.001 secs ago, not yet sent, 0.000 in other ioloops)
Mar 29 10:10:53 auth: Debug: http-client[1]: request [Req6: POST https://ourdomain:8084/?command=report]: Error: 9008 Absolute request timeout expired (Request queued 2.001 secs ago, not yet sent, 0.000 in other ioloops)
Mar 29 10:10:53 auth: Debug: http-client[1]: queue https://ourdomain:8084: Dropping request [Req6: POST https://ourdomain:8084/?command=report]
Mar 29 10:10:53 auth: Error: policy(ouruser,127.0.0.1,<8KTTPDyFVIh/AAAB>): Policy server HTTP error: Absolute request timeout expired (Request queued 2.001 secs ago, not yet sent, 0.000 in other ioloops)
Mar 29 10:10:53 auth: Debug: http-client[1]: request [Req6: POST https://ourdomain:8084/?command=report]: Destroy (requests left=2)
Mar 29 10:10:53 auth: Debug: http-client[1]: request [Req6: POST https://ourdomain:8084/?command=report]: Free (requests left=1)
Mar 29 10:10:53 auth: Debug: http-client[1]: queue https://ourdomain:8084: New timeout
Mar 29 10:10:53 auth: Debug: http-client[1]: queue https://ourdomain:8084: Set request timeout to 2019-03-29 10:10:53.613 (now: 2019-03-29 10:10:53.503)
Mar 29 10:10:53 auth: Debug: http-client[1]: queue https://ourdomain:8084: Timeout (now: 2019-03-29 10:10:53.613)
Mar 29 10:10:53 auth: Debug: http-client[1]: queue https://ourdomain:8084: Absolute timeout expired for request [Req7: POST https://ourdomain:8084/?command=allow] (Request queued 2.000 secs ago, not yet sent, 0.000 in other ioloops)
What feature or setting would I be looking for in Squirrelmail to change to wforce?
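A log triage sketch for the two problems in this thread, added here as an example and not code from Dovecot, weakforced or either poster: it reads auth debug lines of the shape quoted above, decodes each "Policy server request JSON" body to see which "remote" address is sent to the policy server, and counts the policy transport failures by kind. The function names are hypothetical and the sample input is labelled in the code.

```python
import ipaddress
import json
import re
from collections import Counter

# Sample input: the first four lines follow entries quoted in the thread (peer
# address replaced with a documentation IP); the last line is constructed.
SAMPLE_LOG = """\
Mar 28 09:58:04 auth: Debug: policy(unclroot,127.0.0.1,<lmNw8SeFoMl/AAAB>): Policy server request JSON: {"device_id":"","login":"unclroot","protocol":"imap","pwhash":"68","remote":"127.0.0.1","tls":false}
Mar 28 09:58:04 auth: Error: policy(unclroot,127.0.0.1,<lmNw8SeFoMl/AAAB>): Policy server HTTP error: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
Mar 28 16:13:36 auth: Error: policy(abc,127.0.0.1,<5aBSMC2FROF/AAAB>): Policy server HTTP error: Absolute request timeout expired (Request queued 2.002 secs ago, not yet sent, 0.000 in other ioloops)
Mar 28 16:13:59 auth: Debug: http-client[1]: conn 192.0.2.10:8084 [9]: SSL handshake to 192.0.2.10:8084 failed: Connection closed
Mar 29 11:00:00 auth: Debug: policy(alice,203.0.113.7,<constructedSession>): Policy server request JSON: {"device_id":"","login":"alice","protocol":"imap","pwhash":"a1","remote":"203.0.113.7","tls":true}
"""

JSON_RE = re.compile(r"Policy server request JSON: (\{.*\})\s*$")

# Substrings of the policy / http-client errors that appear in the thread.
FAILURE_MARKERS = {
    "missing_ca": "Can't verify remote server certs without trusted CAs",
    "timeout": "Absolute request timeout expired",
    "tls_handshake": "SSL handshake to",  # "Starting SSL handshake" does not match
}


def classify_failure(line):
    """Return the failure category for one log line, or None."""
    for name, marker in FAILURE_MARKERS.items():
        if marker in line:
            return name
    return None


def policy_requests(log):
    """Yield the decoded JSON body of every policy request in the log."""
    for line in log.splitlines():
        match = JSON_RE.search(line)
        if match:
            try:
                yield json.loads(match.group(1))
            except json.JSONDecodeError:
                continue  # truncated or wrapped log line


def triage(log):
    """Count transport failures and split logins by the 'remote' value sent."""
    failures = Counter(k for k in map(classify_failure, log.splitlines()) if k)
    loopback, real = [], []
    for req in policy_requests(log):
        try:
            addr = ipaddress.ip_address(req.get("remote", ""))
        except ValueError:
            continue  # not an IP literal
        (loopback if addr.is_loopback else real).append(req.get("login", "?"))
    return {"failures": dict(failures), "loopback_logins": loopback, "real_ip_logins": real}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report)
    if report["failures"].get("missing_ca"):
        print("hint: set ssl_client_ca_file or ssl_client_ca_dir to a CA bundle")
    if report["loopback_logins"] and not report["real_ip_logins"]:
        print("hint: every policy request carries a loopback 'remote'")
```

A log in which every decoded request has a loopback "remote" matches the situation described in the thread, where the webmail host is the only client address Dovecot sees.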
participants (2)
- Aki Tuomi
- Robert Kudyba